Office 365 – How NOT to do it UKNOF43.

Presentation transcript:

Office 365 – How NOT to do it UKNOF43

Andrew Ingram
- Owner of High Tide Consulting
- Corporate mergers, acquisitions and divestments expertise
- Infrastructure
- Applications
- User migrations etc.
- Design and Build Data Centres, Citrix, AD
- Always looking for the next challenge!

Before the cloud
- Proxy servers were king
- Routing all internet traffic over WAN or VPN back to the DC
- All external DNS requests sent back to the DC
- Firewall at the DC handling NAT for the whole company out of a single IPv4 address

Then came the cloud
- More traffic to the Internet, links not big enough
- WAN links are expensive
- Global DNS load balancing broke with central DNS
- DC firewall started to struggle
- Proxy servers struggle
- QoS implemented as a temporary solution

Then came O365
- O365 is not proxy server friendly
- O365 merges applications and web browser apps together
- Global DNS load balancing heavily used
- CDN networks heavily used with a large list of URLs
- O365 uses TCP window scaling
- TCP idle times default of 100 to 300 seconds (previously recommended best practice)
- Updates of CRL (Certificate Revocation List)

What to Plan for
- Local internet breakout
- Local DNS breakout
- Enterprise grade internet links (not a domestic ADSL line)
- Internet routing, need for a default gateway
- High number of NAT connections
- Network devices work on IP ACLs, O365 is primarily URL based

Challenges
- Security: sending all traffic via a proxy made people feel safe
- NAT connections: NAT pools may be needed
- Need to start thinking of security at the endpoint and not just the perimeter

NAT – How bad can it get
- Maximum supported devices behind a single public IP address = (64,000 - restricted ports) / (peak port consumption + peak factor)
- Restricted ports: 4,000 for the operating system
- Peak port consumption: 6 per device
- Peak factor: 4
- Total of 6,000 devices accessing O365 on a single address

How should you NOT do Office 365
- Many companies don't do the correct assessment and expect it to just work!
- Some parts of Office 365 need to talk at the Windows system layer (causes issues with proxy and firewall authentication)
- Windows Network Awareness can cause issues
- If deploying Microsoft Teams with voice and video, ensure WAAS or SD-WAN associated services are configured correctly

Creative Workarounds
- Bypass the proxy for Office 365 traffic (PAC files)
- Cisco Umbrella Branch to direct DNS requests out of the local link without a global update to DNS (inspection rule on the local WAN router)
- Inject a default route into the local site out of the DIA link
- Permit 443 and 80 out of the local link (Security not happy)
- Create a stub zone in local DNS to refer Microsoft URLs to Google DNS servers. This forces the local client to query Google DNS servers directly. (Not nice)
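
The PAC-file bypass listed above, sketched as an added example (not from the presentation): only hosts under a named Office 365 suffix go DIRECT, everything else stays on the proxy. The proxy address and the short suffix list are assumptions; the endpoint list Microsoft publishes is longer and changes over time.

```javascript
// Added example PAC file (not from the slides). Written in ES5 because
// PAC engines in some clients do not support newer syntax.
var PROXY = "PROXY proxy.example.internal:8080"; // placeholder proxy address

// Illustrative subset of Office 365 suffixes (assumption); a production
// file should be generated from the vendor's published endpoint list.
var O365_SUFFIXES = [
  "outlook.office365.com",
  "outlook.office.com",
  "sharepoint.com",
  "teams.microsoft.com",
  "login.microsoftonline.com"
];

// True when host equals the suffix or is a subdomain of it. Requiring the
// leading dot rejects look-alikes such as "notsharepoint.com" and
// "sharepoint.com.example.net", which naive substring matching lets bypass.
function hostMatchesSuffix(host, suffix) {
  if (host === suffix) return true;
  var tail = "." + suffix;
  return host.length > tail.length &&
         host.slice(host.length - tail.length) === tail;
}

// Lower-case the host and drop a trailing root dot before comparing.
function normalizeHost(host) {
  host = String(host).toLowerCase();
  if (host.charAt(host.length - 1) === ".") host = host.slice(0, -1);
  return host;
}

function FindProxyForURL(url, host) {
  url = String(url);
  host = normalizeHost(host);
  // Only HTTP/HTTPS is bypassed, matching the "permit 443 and 80" rule
  // on the local link; any other scheme stays on the proxy.
  var scheme = url.slice(0, url.indexOf(":")).toLowerCase();
  if (scheme !== "http" && scheme !== "https") return PROXY;
  for (var i = 0; i < O365_SUFFIXES.length; i++) {
    if (hostMatchesSuffix(host, O365_SUFFIXES[i])) return "DIRECT";
  }
  return PROXY; // default: inspected path via the proxy
}
```

Defaulting to the proxy keeps the bypass limited to the listed suffixes, so a stale list degrades performance rather than widening what leaves the site uninspected.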